[Openswan Users] Racoon + FC3 tunneling problem

DurgaPrasad Adusumalli adusumallid at gmail.com
Sat Jan 22 17:50:34 CET 2005


I have a problem using racoon to create an IPsec tunnel. My network diagram
is as shown below.

10.0.1.0/24 ------------ 172.16.1.1 ------------------ 172.16.1.2 ---------- 10.0.2.0/24

I am trying to create an IPsec tunnel between 10.0.1.2 (left client)
and 10.0.2.2 (right client).

I have inserted the required modules and set IP forwarding.
My ipsec.conf file (on the right gateway) is as follows:

spdadd 10.0.2.0/24 10.0.1.0/24 any -P out ipsec
esp/tunnel/172.16.1.2-172.16.1.1/require;
spdadd 172.16.1.2 172.16.1.1 any -P out ipsec
esp/tunnel/172.16.1.2-172.16.1.1/require;

spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
esp/tunnel/172.16.1.1-172.16.1.2/require;
spdadd 172.16.1.1 172.16.1.2 any -P in ipsec
esp/tunnel/172.16.1.1-172.16.1.2/require;

On the left gateway, out is swapped with in and vice versa.

racoon.conf file (on right gateway) is as below

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
#path certificate "/etc/certs";

remote 10.0.1.2
{
        exchange_mode aggressive;
        situation identity_only;

        my_identifier address;

        lifetime time 24 hour;   # sec,min,hour
        # initial_contact on;
        # proposal_check obey;    # obey, strict or claim

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2 ;
        }
}

sainfo address 10.0.2.0/24 any address 10.0.1.0/24 any
{
        pfs_group 2;
        lifetime time 12 hour;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate ;
}

The preshared key file is as below:
10.0.1.2    password12 on right gateway

10.0.2.2    password12 on left gateway


My log files show the following entries

Jan 22 17:16:54 test racoon: INFO: unsupported PF_KEY message REGISTER
Jan 22 17:16:54 test racoon: NOTIFY: no in-bound policy found: 172.16.1.2/32[0] 172.16.1.1/32[0] proto=any dir=in
Jan 22 17:16:54 test racoon: ERROR: failed to get sainfo.
Jan 22 17:21:35 test racoon: INFO: unsupported PF_KEY message REGISTER
Jan 22 17:21:35 test racoon: NOTIFY: no in-bound policy found: 172.16.1.2/32[0] 172.16.1.1/32[0] proto=any dir=in
Jan 22 17:21:35 test racoon: ERROR: failed to get sainfo.
Jan 22 17:22:17 test racoon: INFO: unsupported PF_KEY message REGISTER
Jan 22 17:23:42 test racoon: INFO: unsupported PF_KEY message REGISTER
Jan 22 17:23:42 test racoon: NOTIFY: no in-bound policy found: 172.16.1.2/32[0] 172.16.1.1/32[0] proto=any dir=in
Jan 22 17:23:42 test racoon: ERROR: failed to get sainfo.

Can anyone suggest what to do to solve this problem?
With regards.
Durga Prasad.
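
An added example, not part of the original post: a small Python check that compares the setkey policies with the sainfo section quoted above, reports which outbound policy has no sainfo section of its own, and compares that with the selector pair in the logged NOTIFY line. The function names are illustrative, and exact selector matching (with `sainfo anonymous` as a catch-all) is a simplifying assumption about how racoon selects a sainfo section.

```python
import re

# Policies copied from the post (right gateway).
SETKEY_CONF = """\
spdadd 10.0.2.0/24 10.0.1.0/24 any -P out ipsec
esp/tunnel/172.16.1.2-172.16.1.1/require;
spdadd 172.16.1.2 172.16.1.1 any -P out ipsec
esp/tunnel/172.16.1.2-172.16.1.1/require;
spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
esp/tunnel/172.16.1.1-172.16.1.2/require;
spdadd 172.16.1.1 172.16.1.2 any -P in ipsec
esp/tunnel/172.16.1.1-172.16.1.2/require;
"""
# sainfo header copied from the post; the section body is omitted here.
RACOON_CONF = "sainfo address 10.0.2.0/24 any address 10.0.1.0/24 any\n{\n}\n"
# One NOTIFY line from the post, with the mail line wrap rejoined.
LOG = ("racoon: NOTIFY: no in-bound policy found: "
       "172.16.1.2/32[0] 172.16.1.1/32[0] proto=any dir=in")

def norm(addr):
    """Normalise a selector: strip [port], treat a bare host as /32."""
    addr = re.sub(r"\[.*?\]", "", addr)
    return addr if "/" in addr else addr + "/32"

def spd_policies(text):
    """Return (src, dst, direction) for every spdadd statement."""
    pat = r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)"
    return [(norm(s), norm(d), way) for s, d, way in re.findall(pat, text)]

def sainfo_pairs(text):
    """Return (local, remote) pairs; ('*', '*') stands for 'sainfo anonymous'."""
    pat = r"sainfo\s+address\s+(\S+)\s+\S+\s+address\s+(\S+)"
    pairs = [(norm(a), norm(b)) for a, b in re.findall(pat, text)]
    if re.search(r"sainfo\s+anonymous", text):
        pairs.append(("*", "*"))
    return pairs

def uncovered_out_policies(setkey_text, racoon_text):
    """Outbound policies whose (src, dst) has no sainfo section (assumed exact match)."""
    pairs = sainfo_pairs(racoon_text)
    return [(s, d) for s, d, way in spd_policies(setkey_text)
            if way == "out" and (s, d) not in pairs and ("*", "*") not in pairs]

def log_selectors(line):
    """Selector pair named in a 'no in-bound policy found' log line."""
    m = re.search(r"policy found:\s*(\S+)\s+(\S+)\s+proto=", line)
    return (norm(m.group(1)), norm(m.group(2))) if m else None

if __name__ == "__main__":
    print("no sainfo for:", uncovered_out_policies(SETKEY_CONF, RACOON_CONF))
    print("log names:    ", log_selectors(LOG))
```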

